On 24 April 2024, the European Data Protection Board ("EDPB") released a set of guidance documents and template complaint forms to facilitate the implementation of the redress mechanisms corresponding to the EU-U.S. Data...more
On 11 July 2023, the Department of Commerce’s International Trade Administration (ITA) published an operational update (Update) on implementation of the EU-U.S. Data Privacy Framework (DPF). Significant takeaways for Privacy...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
On 13 December 2022, the European Commission (“EC”) published its draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”) that is intended to foster trans-Atlantic data flows and address the concerns raised by...more
The White House has issued its Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities (“EO”), which provides additional due process protections to the use of surveillance mechanisms by U.S....more
10/10/2022
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Standard Contractual Clauses ,
Surveillance
The California Privacy Rights Act (CPRA) will require businesses to update their privacy notices with additional disclosures and post website links that allow consumers to exercise their new rights under the CPRA. In this...more
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
The European Data Protection Board (EDPB) has issued its long-awaited practical guidance following the Court of Justice of the European Union’s (CJEU) landmark Schrems II decision....more
California voters have approved the California Privacy Rights Act (CPRA or Proposition 24), a new law coming into effect on January 1, 2023 that will significantly amend the California Consumer Privacy Act (CCPA). ...more
11/6/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
On October 12, the California Attorney General announced a new set of proposed modifications to the CCPA regulations. Although this third set of proposed modifications is relatively brief, they would reinstate some provisions...more
10/27/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
State and Local Government ,
State Attorneys General
On Friday, the California Attorney General issued the final implementing regulations for the California Consumer Privacy Act (CCPA). The final regulations—which had been under review by the California Office of Administrative...more
8/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
State and Local Government
The table below sets out the guidance provided by data protection authorities (DPA) in response to the European Court of Justice’s landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland and...more
7/23/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union today invalidated the EU-US Privacy Shield and called into question the extent to which EU data exporters could rely on the European Commission’s Standard Contractual Clauses for...more
On June 1, The California Attorney General (CA AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval. ...more
6/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Businesses spent the latter months of 2019 working hard to prepare for the January 1, 2020 implementation of the California Consumer Privacy Act (CCPA). ...more
5/7/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On March 11, The California Attorney General (CA AG) released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Right to Delete ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On October 10, California Attorney General Xavier Becerra (CA AG) released proposed regulations to implement certain provisions of the California Consumer Privacy Act (CCPA). The CA AG also released a Notice of Proposed...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Information Sharing ,
Non-Discrimination Rules ,
NPRM ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
A number of legislative proposals seeking to amend the California Consumer Privacy Act (CCPA) are moving forward following an April 23 hearing before the California Assembly’s Committee on Privacy and Consumer Protection in...more
4/25/2019
/ Amended Legislation ,
Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Legislation ,
Rulemaking Process
In June of 2018, California passed the California Consumer Privacy Act (CCPA), which seeks to give consumers additional safeguards regarding their personal information. The CCPA will become effective January of 2020 and may...more
4/5/2019
/ California Consumer Privacy Act (CCPA) ,
Data Management ,
Data Protection ,
Educational Institutions ,
FERPA ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Student Privacy ,
Student Records ,
Threshold Requirements